The present invention generally relates to systems for providing shared access to a software application, and more particularly, to systems and techniques which provide concurrent access by multiple participants to a single shared session of a software application served by a web server.
Due to the widespread use and popularity of computer networks such as the Internet, software application developers have developed software applications which a computer user can access remotely over a network. As an example, a computer user can use web browser software to access, via the World Wide web suite of protocols, a web server that provides access to, or xe2x80x9cservesxe2x80x9d a software application. Typically, the web server operates as a front-end to receive requests from the web browser software and to forward those requests to the software application. The software application then performs some processing in response to receipt of the request and returns application response information to the web server. The web server then forwards the application response information back to the web browser software over the computer network in the form of a web page which the browser can display for use by the computer user.
Many applications which web servers serve in this manner are transactional in nature. The application receives requests via the web server that originate from specific client browsers associated with specific computer users. The application processes those requests in relation to some application data associated with those individual computer users as specified in some manner within the requests. Once processed, the application returns application response information that is customized or personalized to the identity of the computer user associated with the web browser that originated the request. Such multi-user applications can typically handle requests from many users concurrently, with each set of requests from each user defining a particular set of transactions carried out on behalf of that user alone.
As a simple example, a computer user may use a web browser to connect to a web server provided on the Internet by a bank or other business institution. Via the web browser, the computer user may query a financial software application served by the web server to determine bank balances, stock holdings, or other transaction information. Such information is generally specific to the user originating the request. Other computer users using other web browsers may provide similar queries to the web server to obtain information specific to those users. These types of web and application server arrangements support a distinct communications session for each respective computer user to manage a set of respective transactions related to that user.
In certain instances, a computer user accessing a web server may request or require assistance from another person to properly interact with a web site (a web server providing access to an application). Perhaps the computer user is unfamiliar with the application being served by the web server and therefore may require some assistance during initial attempts to interact with the application. The computer user might be able to place a telephone call to a representative or agent within a call center operated by the institution (business, agency, etc.) that provides the web site to ask questions about how to interact with the software application served from the site. Based on the advice of the agent, the computer user is then able to properly interact with the software application.
The ease by which a computer user is able to contact a representative or agent associated with a particular web site defines a level of customer relationship management (CRM) provided by the business or other institution within its call or support center in relation to the web site. Some conventional web sites, for instance, allow computer users to send email containing questions to the support center associated with the web site. An agent or representative within the support or call center can receive the email and reply to the customer via a callback (via telephone) or can simply reply to the customer using e-mail.
In other cases, a computer user may select a callback feature via their computer which automatically establishes a telephone call between an agent and the computer user. In the case of an automatic callback, assuming the computer user can access the application via their browser over the computer network (e.g., via a dedicated network connection) while simultaneously receiving the callback (e.g., via a telephone call), the agent or representative of the institution associated with the web site can guide the computer user through the process of interacting with the web site application in real-time. This simple form of interaction between the computer user and the agent or representative is called collaboration.
Another form of collaboration occurs when two or more people (e.g., a customer and an agent) share access to a software application. In the context of a web site serving a particular software application, conventional collaboration techniques may allow, for instance, a computer user such as a customer to first interact with the software application to enter or provide some information or data which is maintained within the software application. Subsequently, possibly in response to the customer calling or sending an email to the agent of the institution providing the application, an agent user may further interact with the application via an agent computer to view and/or manipulate the data entered by the computer user.
By way of example, suppose a computer user interacts with a retailing web site to make a purchase but incorrectly enters his or her address information and is unable to determine how to alter the address information for correction. The user may subsequently provide email or place or request a telephone call to a call center staffed with agents responsible for assisting customers associated with the retailing web site. In response to receiving the correct address information from a customer (via an email or the telephone call), an agent can access the application to retrieve the order placed by the customer to update the customer address information. The update operation may be made while the customer interacts with other portions of the retailing web site besides the address information portion. When the customer returns to the portion of the web site containing that customers address information, the customer may observe that the address has been properly updated based on the collaboration between the customer and the agent.
Another prior art mechanism providing collaboration between two users and a software application over a computer network is called a proxy browser or proxy server. Generally, a proxy server is a software entity that operates in-between computer user web browsers and a web server that serves an application. The proxy server contains proxy information (e.g., proxied web pages) obtained from the application via the web server during an initial user request for the information. When a proxy server receives a new web page of information from the application, the proxy server replaces links within that page of information with links corresponding to information (e.g., web pages) provided within the proxy server. The proxy server then provides or serves the altered or proxied page(s) to other users that request the same information (i.e., that request the same page) as the initial request.
As an example of the operation of a proxy server, if page xe2x80x9cAxe2x80x9d of an application references application pages xe2x80x9cBxe2x80x9d and xe2x80x9cCxe2x80x9d (e.g., via hyperlinks) a conventional proxy server coupled to a web site serving the application will replace references (e.g., links) to application pages xe2x80x9cBxe2x80x9d and xe2x80x9cCxe2x80x9d in a proxy server version of page xe2x80x9cAxe2x80x9d (i.e., the proxied page xe2x80x9cAxe2x80x9d) with references to proxy server versions of pages xe2x80x9cBxe2x80x9d and xe2x80x9cCxe2x80x9d (i.e., proxied pages xe2x80x9cBxe2x80x9d and xe2x80x9cCxe2x80x9d). The proxy server thereafter may handle subsequent user requests for page xe2x80x9cAxe2x80x9d from the web server by serving the proxied page xe2x80x9cAxe2x80x9d from the proxy server. When a user viewing proxied page xe2x80x9cAxe2x80x9d selects, via their browser, a link to page xe2x80x9cBxe2x80x9d or xe2x80x9cC,xe2x80x9d those links will reference the proxied pages xe2x80x9cBxe2x80x9d and xe2x80x9cCxe2x80x9d instead of the pages xe2x80x9cBxe2x80x9d and xe2x80x9cCxe2x80x9d located on the actual web server, since the proxy server replaced the links with references to the proxied pages. Proxy servers thus off-load some of the server processing from the web server. If the proxy does not have the proxied pages, then the request will be forwarded to the web server to obtain the page and the proxy server will cache the subsequent response.
The conventional collaboration techniques discussed above suffer from a variety of drawbacks. For example, conventional collaboration techniques may not offer concurrent access to identical information provided to or from an application served by a web server on behalf of both a computer user (e.g., a web site customer) and an agent or representative with which the computer user collaborates. That is, the design of conventional collaboration systems makes it inherently difficult and in most cases impossible to allow, for instance, an agent to manipulate computer user data (e.g., transactional data) within the application while such manipulations are concurrently apparent to the computer user associated with the transactional data.
Conventional web based application servers (i.e., web servers that provide access to applications) are generally not designed to support concurrent access to the same application information such as transactional data on behalf of multiple users at the same time via a single application session. This is primarily due to the fact that conventional web application servers associate a single communications session with all transactions for a single computer user. The communications session is generally an HTTP session between a specific computer user""s web browser and the web server. The HTTP session is often identified by one or more unique values called xe2x80x9ccookiesxe2x80x9d that are exchanged between the application and the user""s browser. For example, when a computer user requests a bank transaction, the user""s browser passes cookie information specifically associated with that computer user to the bank web server which then forwards that cookie on the application. The application can identify and authenticate specific computer users requesting transactions from other users based on the cookie information provided from each user""s browser.
A collaboration difficulty arises using conventional collaboration technology since it is nearly impossible for another computer user such as the agent or representative in the above examples to step in and control the HTTP user session associated with the initial computer user and to assume the identity of that computer user to further carry on or assist in interaction with the application using that session. One reason for this is that the agent does not have access to cookie and/or other session identification information associated with the computer user""s session. In other words, conventional web server and application design only supports one-to-one interaction between a single computer user and an application, and does not allow multiple users to share a single communications session and its associated transactions with an application. In conventional systems, multiple computer users obtain different application response information when interacting with a web or application server which is determines based on each user""s identity.
Conventional technologies do exist which allow multiple users to access in application in a concurrent manner. An example of such technology is the proxy server noted above which resides between the computer user browsers and the web server. Proxy browsers work well when application response information (e.g., content) that is returned to each computer user is the same. That is, when an application returns a web page that has non-personalized, non-dynamic and/or not transactional information, then each user can receive the same page.
However, conventional proxy servers and related technologies (e.g., proxy browsers) do not support true collaboration on related transactional information within an application on behalf of multiple users, but rather, merely serve as a conduit through which separate transactional requests associated with separate users are handled by an application using separate sessions or threads. In the case of transactional data, a conventional proxy server must still provide each separate transactional request to the web server which then presents each request to the application in the order in which they were received. The application associates each transactional request with a specific computer user session and returns a result retrievable by one specific user. If two users request the same transactional information, the application will handle each request as a separate transaction and will process each request redundantly.
The present invention differs from conventional collaboration technologies in that the present invention allows two or more participants such as a computer user and an agent to share dynamic, personalized, secure and transactional content (e.g., application response information) generated by a web based application or web application server. The system of the invention facilitates collaboration without the need or use of a proxy server or proxy browser between computer user browsers and the web or application server equipped with the invention. The invention also allows multiple participants to access information provided from an application without modifications being required to the application logic and avoids the application having to process the same transaction redundantly for each user requesting the same information.
The present invention is preferably embodied in part as a collaboration adapter that may be incorporated into a web server. In this capacity, the system of the invention is able to create a collaborative shared session that allows two or more independent sessions (e.g., two different computer user HTTP sessions) to share a single shared application session existing in the web or application server. Generally, the system of the invention regulates access to the single shared session by multiple session participants by including a copy service that stores or caches application response information (e.g., web pages containing transactional information) received from the application (e.g., in response to an initial request from a participant for the information) such that the application response information can be provided repeatedly to each requesting participant to the collaborative shared session in the event that those participants request the same information.
Since the system of the present invention caches application response information, such information can be provided repeatedly without requiring interaction with the application itself, therefore eliminating any additional overhead of producing identical application response information (e.g., identical web pages) for multiple requesting participants. Using the invention, application behavior is only performed once in response to an initial request made under a participant identity associated with the shared session (i.e., the owner participant identity), and similar subsequent requests cause the system of the invention to bypass the application behavior preventing redundant application transactions.
The system of the invention provides the shared session between the web server and the application by creating shared session identification information which can include, for example, shared session cookies as well as shared session participant identification information for each participant computer user who accesses the application via the shared session. That is, the invention provides the application with the appearance of a single user session (i.e., the shared session) that is controlling the application.
As will be further explained, by uniquely sharing cookie state contained within shared session identification information and participant session identification information, the collaboration adapter provided by the system of the invention allows shared session participants to exchange cookies within the collaboration adapter of the system of the invention without having the cookies copied to each individual participant computer user client (e.g. each computer user""s web browser). As a result of this technology, any shared session participant may operate on cached application response information (e.g., the shared page returned from the application) as if that participant were the controller of the session. Since session identification information (for both the shared session and each participant) is maintained within the collaboration adapter of the invention, there is no need to copy and provide such information such as cookies to each participant""s browser. This is important because the invention is thus transparent to the application developer, making application development much easier.
The system of the invention also allows the modification of application response information based on a real identity of the participant. For example, a shared session can be associated or xe2x80x9cownedxe2x80x9d by a participant of the shared session. As such, the owner of the shared session may be able to uniquely control the application state of the shared session while all other participants may, for example, only be able to read the contents of the shared session and not control the shared session.
Other features of the invention include the removal, alteration, or the addition of information or content into the application response information based on the identity of the participant requesting the information. For example, if an agent of an institution is collaborating with a computer user and each is a member of a shared session, the application response information presented to the agent may be void of any advertising information for instance, while the same application response information provided to the computer user/customer may contain institutional advertising information. In one particular embodiment, multiple versions of application response information can be stored such that each version is associated with a different respective identity of a shared session participant.
More specifically, the present invention provides systems, methods and computer system arrangements for providing participant access to an application via a shared session.
One method embodiment that accomplishes this task comprises the steps of receiving a first request from a first participant via a first participant session to access the application via a shared session. The first participant can be, for example, a computer user on the Internet using a web browser to access a web server via the first session, which may be an HTTP user session. After receiving the first request, the method substitutes participant session identification information identifying the first participant session within the first request with shared session identification information identifying the shared session to create an altered request. In other words, the invention removes the identity of the requesting participant along with, for example, any access control information, HTTP input buffer information, or the like from the original (i.e., the first) request and replaces this information with similar information obtained from a cache of shared session information. The invention initially establishes shared session identification information (e.g., shared session state information), as will be explained, upon creation of the shared session.
Generally, the shared session identification information contains participant information for an owner of the shared session, who is typically the creator of the shared session unless shared session ownership is transferred. Once the method substitutes this information into the first request to create the altered request, the method forwards the altered request to the application such that the application operates to produce application response information in accordance with shared session identification information contained in the altered request, independently of participant session identification information contained in the first request.
According to another embodiment, the method receives application response information from the application in response to operating on the altered request. It is important to note that the application produces the application response information under the impression that the participant associated with the shared session identity information is the participant who generated the altered request, when in fact this may not actually be the case (i.e., any one of many participants may have sent the request). The method then caches the application response information in a cache of application response information and forwards the application response information to the first participant via the first participant session to allow the first participant to access the application via the shared session. This method can be performed for many participants, such that the application server can be controlled, guided, etc. via the single shared session using the single owner participant identity, even though many different participants are actually submitting the requests to control progression of the shared session.
In another embodiment, the step of forwarding includes the steps of determining if the first participant is the owner of the shared session, and if so, including any application specific cookie information within the application response information forwarded to the first participant, and if not, excluding any application specific cookie information within the application response information forwarded to the first participant. As such, the owner participant of a shared session maintains proper cookie state with respect to the application server 50.
In another embodiment, the method further includes the steps of identifying a second request received from a second participant via a second participant session as a request to join the shared session to access the application. The second request may be, for example, a request for the same application response information as was made by the first request for the first participant. The method then associates the second participant session to the shared session (thus joins this participant to the shared session) and forwards the application response information that is received in response to the altered request to the second participant via the second participant session such that the application does not need to process the second request.
In another embodiment, the step of associating a session of the participant providing second request includes the step of generating shared session participant identification information for the second participant. This allows the second participant to join the shared session. Also, the step of forwarding the application response information that is received in response to the altered request to the second participant includes the step of providing the shared session participant identification information generated for the second participant to the second participant along with the application response information.
In other embodiments, when creating the shared session, the invention includes steps of identifying the first request from the first participant as a request to create a shared session and generating shared session identification information that uniquely identifies the shared session. Then the method performs the steps of associating the first participant session to the shared session and generating shared session participant information for the first participant. The shared session participant information for the first participant uniquely identifies the first participant as a participant in the shared session. The method continues by providing the shared session participant information to the first participant via the first participant session. The browser of the second participant can then thereafter identity itself as a member of the shared session.
In yet another embodiment, the step of generating shared session identification information that uniquely identifies the shared session generates the shared session identification information based on the first request from the first participant which causes the first participant to be the owner of the shared session. Moreover, in such embodiments, the shared session identification information includes at least one of participant identification information associated with the first participant, a name associated with the shared session, access control information associated with the first participant that is required to access the application, communications response buffer information associated with the first participant session and/or a network address associated with the first participant session. This information can be used to allow altered request to appear to the application as being made on behalf of the identity of the participant who is the owner of the shared session.
According to other method embodiments of the invention, a method is included for providing multiple participant access to an application via a shared session. The method includes the steps of receiving a first request from a first participant via a first participant session to access the application via the shared session and determining if application response information specified in the first request is present in a cache of application response information. If so, the method forwards the application response information specified in the first request from the cache to the first participant via the first participant session such that the request does not have to be processed by the application via the shared session. If the application response information specified in the first request is not present in a cache however, the method substitutes participant session identification information identifying the first participant session within the first request with shared session identification information identifying the shared session to create an altered request. The altered request appears to be made on behalf of the shared session participant owner, who may be different than the participant actually submitting the first request. The method then forwards the altered request to the application such that the application operates to produce application response information in accordance with shared session identification information contained in the altered request, independently of participant session identification information contained in the first request.
In other embodiments, the method includes receiving application response information from the application in response to the application operating on the altered request and the method caches the application response information in the cache of application response information. The method then forwards the application response information received in response to the application operating on the altered request to the first participant via the second participant session to allow the first participant to access the application via the shared session. In this manner, the altered request based on the first request can be made based on the identity of the participant owning the shared session, instead of the participant making the first request (though in same cases these may be the same participant, while in others they may be different).
According to other embodiments, the method receives a second request from a second participant via a second participant session to access application response information received in response to the application operating on the altered request. In other words, a second request for the same information (e.g., a web page) obtained via the first request may be received. In response to receiving the second request, the method forwards the application response information cached in response to the application operating on the altered request to the second participant via the second participant session to allow the second participant to access the application response information via the shared session without requiring the application to operate on the second request. This avoids the application having to process redundant operations for the same transactional information.
In other embodiments, the formerly recited steps of forwarding the application response information include the step of determining if a participant requesting the application response information is the owner of the shared session, and if so, including application specific cookie information within the application response information before forwarding the application response information, and if not, excluding application specific cookie information within the application response information before forwarding the application response information. In this manner, the owner of the shared session (generally, the creator unless ownership is transferred, as will be explained) maintains proper cookie state with the application or application server.
In yet other embodiments, the steps of forwarding the application response information include the step of determining an identity of a participant requesting the application response information and altering content of the application response information based on the identity of the participant requesting the application response information and then forwarding the application response information to the participant requesting the application response information. In this manner, the invention can determine who is requesting a web page, for example, and can alter the contents of the web page within the shared session for that requesting participant, while other participants might received differently altered pages. The identity (e.g., a cookie) of a participant can be used to determine who the participant is and thus can be used to select from various content alterations.
In other embodiments, if the second request (i.e., another request for the same page as a formerly received first request) is received before completion of the step of receiving application response information from the application in response to the application operating on the altered request, the method performs the steps of forwarding a predefined response to the second participant via the second participant session indicating that the application response information requested is not yet available. In this manner, participants are not left waiting without an indication of how the shared session is operating. The method then can defer processing of the step of forwarding the application response information in response to receiving the second request until the application has operated on the altered request to produce the application response information requested in the first and second requests. In other words, when the first request causes the altered request via the shared session to finally return the requested information, the second request can be queued up and serviced when the requested information becomes available, and the second request does not need to be serviced by the application.
In another embodiment, the step of forwarding includes the step of determining a participant identity of a first participant requesting the application response information and including the identity of the first participant in the altered request in addition to shared session identification information to allow the application to conditionally operate on the altered request based on the identity of the participant, independently of shared session identification information contained in the altered request. In this manner, the application can be accessed on behalf of the shared session, but can also obtain the identity of the actual participant requester. Thus if the application desires to do some additional or conditional processing based on the true identity of the participant requesting access via the shared session, independently of the identity of the shared session owner participant, the application may do so. The application thus can, for instance, alter content of application response information, limit access to transactional data or functions, and so forth.
Other embodiment include the steps of deciding if the first participant is allowed to access the application via the shared session by consulting an access control list associated with the shared session, and if so, allowing access to the shared session by the first participant as specified in the access control list, and if not, rejecting access to the shared session by the first participant. In this manner, the invention provides security to shared sessions. The access control list (ACL) may define what operations (e.g., read only, read, view but not submit or perform HTTP posts, etc.) a participant can request of an application via the shared session.
In still other embodiments, the shared session may be a restricted shared session and the method may include the step of detecting if the first request is a request by the owner of the shared session to terminate the shared session, and if so, terminating sessions of all participants to the shared session. Thus if a shared session is restricted and the owner decides to leave the shared session, all other participants are forced to leave as well.
In other embodiments, the method includes the steps of receiving a subsequent request from a participant to the shared session to access the application response information requested in the first request and determining if the application response information is available without forwarding an altered request to the application, and if so, forwarding the application response information to the participant to the shared session originating the subsequent request. This avoids the application having to process redundant requests for the same information.
In other embodiments, the step of receiving a first request includes the steps of detecting a transfer shared session ownership command within the first request and authenticating that the first participant is authorized to transfer ownership of the shared session. If so, the method substitutes a shared session participant identity defined within the shared session identification information with shared session participant identification associated with the first participant, such that the first participant becomes the owner of the shared session. This allows a participant (preferably the owner or other privileged user) to transfer shared session ownership.
In still other embodiments, the shared session identification information is distributed and accessible by multiple web servers. This allows an e-commerce web site that employs the system of the invention to be distributed, for example, behind a load balancer.
Other embodiments of the invention includes computer system arrangements providing participant access to an application. According to one such embodiment, the computer system arrangement includes an input/output interface, at least one memory system, and a processor coupled to the input/output interface and the memory system. The memory system (there may be more than one) is encoded with an application and a web server process including a collaboration adapter that, when performed on the processor, causes the computer system arrangement to perform the operations of receiving, over the input/output interface, a first request from a first participant via a first participant session to access the application via a shared session between the web server and the application. When further performed, the collaboration adapter process substitutes, in the memory system, participant session identification information identifying the first participant session within the first request with shared session identification information identifying the shared session to create an altered request and forwards the altered request to the application such that the application operates to produce application response information in accordance with shared session identification information contained in the altered request, independently of participant session identification information contained in the first request.
Other embodiments of computer system arrangements are also provided that perform all of the method steps in the method embodiments discussed above and elsewhere herein. For example, a web site configured to operate in accordance with any other the methods disclosed herein is considered to be an computer system arrangement or apparatus within the scope of this invention. It is also to be understood that the invention may be employed and/or integrated into an application server, a web server, or both. Alternatively, the collaboration adapter may operate as a plug-in software module, dynamically linked library, or other modular addition to existing web and application server platforms.
Embodiments of the invention also include computer program products such as disks, or other readable media that have a computer-readable medium including computer program logic encoded thereon for operating in a computerized device, such that the computer program logic, when executed on at least one processing unit with the computerized device, causes the at least one processing unit to perform any and/or all of the aforementioned methods embodiments.
The methods and arrangements of the invention are preferably implemented primarily by computer software and hardware mechanisms within a web site server and/or application server system. The computer program logic embodiments, which are essentially software, when executed on at least one processing unit with the data communications device, causes the at least one processing unit to perform the method techniques outlined above, as well as all operations discussed herein that can be performed by software program(s) executing on computer hardware. In other words, these arrangements of the invention are generally manufactured as a computer program(s) stored on a disk, memory, card, or within a prepackaged operating system, web server application, or other such media that can be loaded into a computer system, server or other data communications device to make the device perform according to the operations of the invention.
The features of the invention, as summarized above, may be employed in data communications devices, web or application server software, and/or other computerized devices and/or software systems such as those manufactured by Cisco Systems, Inc. of San Jose, Calif., the assignee of the present invention.